Release Info

Advisory: CLSA-2024:1707420277

OS: Ubuntu 18.04 ELS

Public date: 2024-02-08 14:24:39

Project: tomcat9

Version: 9.0.16-3ubuntu0.18.04.2+tuxcare.els4

Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2024-1707420277.html

Changelog

* SECURITY UPDATE: Incorrect parsing of HTTP trailer headers - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 * Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs - debian/patches/0101-skipping-tests-incompatible-with-firewall.patch: Skipping tests incompatible with the firewall settings of the build system - debian/test_certs/*, debian/source/include-binaries, debian/rules: Update the keystore files and certificates from the upstream branch 9.0.x to fix internal tests

Update

Update command: apt-get update apt-get --only-upgrade install tomcat9*

Packages list

libtomcat9-embed-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb libtomcat9-java_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9-admin_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9-common_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9-docs_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9-examples_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb tomcat9-user_9.0.16-3ubuntu0.18.04.2+tuxcare.els4_all.deb

CVEs

CVE-2023-46589